<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>most likely a firewall issue<br><br>sent from a tiny device </div><div><br>On 2013-08-16, at 15:32, Magnus Holmberg <<a href="mailto:magnus.holmberg@delphideveloper.net">magnus.holmberg@delphideveloper.net</a>> wrote:<br><br></div><blockquote type="cite"><div>
<br>
<br>
Hello.
<br>
<br>
I am trying to set up a VPN connection, but the last thing I can see in the
log is #1: initiating Main Mode<br>
<br>
<br>
My server is located at IP
<br>
33.45.172.231
<br>
<br>
And the network behind it is:
<br>
91.234.12.129/27
<br>
<br>
The remote end has specified this:
<br>
<br>
<br>
<br>
<br>
Remote details:
<br>
<br>
IPSEC Gateway 110.95.85.110
<br>
Net 192.220.144.0/24
<br>
<br>
<br>
VPN Configuration Phase 1 (IKE)
<br>
<br>
encryption scheme: ike
<br>
ike mode: main mode
<br>
encryption: 3des
<br>
authentication: sha1
<br>
authentication method: pre-shared key (shared secret)
<br>
diffie hellman group: group 2 (1024 bit)
<br>
isakmp lifetime: 86400 sec (1440 minutes)
<br>
<br>
<br>
VPN Configuration Phase 2 (IPsec)
<br>
<br>
ipsec mode: tunnel mode
<br>
ipsec protocol: esp
<br>
encryption algorithm: 3des
<br>
authentication: sha1
<br>
perfect forward secrecy (pfs): disabled
<br>
security lifetime: 3600 seconds
<br>
<br>
<br>
Cisco configuration example:
<br>
<br>
crypto isakmp policy <priority>
<br>
encryption 3des
<br>
hash sha
<br>
authentication pre-share
<br>
group 2
<br>
lifetime 86400
<br>
!
<br>
crypto ipsec transform-set 3des-168-sha esp-3des esp-sha-hmac
<br>
!
<br>
crypto isakmp key <pre-shared-key> address 110.95.85.110
<br>
!
<br>
crypto map <map-name> <seq-num> ipsec-isakmp
<br>
description *** XXXX ***
<br>
set peer 110.95.85.110
<br>
set transform-set 3des-168-sha
<br>
match address <access-list-id>
<br>
!
<br>
access-list <access-list-id> ip host <your-ftp-host> 192.220.144.0 0.0.0.255
<br>
<br>
<br>
Would the config below work? Or have I missed something?
<br>
<br>
config setup
<br>
protostack=netkey
<br>
nat_traversal=yes
<br>
virtual_private=
<br>
oe=off
<br>
<br>
<br>
conn MyVpnConnection
<br>
authby=secret
<br>
auto=start
<br>
dpddelay=3
<br>
dpdtimeout=120
<br>
dpdaction=restart
<br>
ike=3des-sha1-1024
<br>
esp=3des-sha1
<br>
rekey=yes
<br>
#keyingtries=3
<br>
keylife=30m
<br>
ikelifetime=1440m
<br>
left=33.45.172.231
<br>
leftsubnet=91.234.12.129/27
<br>
pfs=no
<br>
right=110.95.85.110
<br>
rightid=110.95.85.110
<br>
rightsubnet=192.220.144.0/24
<br>
<br>
<br>
What have I missed?<br>
<br>
<br>
<br>
<div class="moz-signature">-- <br>
<b>Magnus Holmberg</b>
<p>Cell: + 46 (0)709 91 94 63</p>
</div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span><a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a></span><br><span><a href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a></span><br></div></blockquote></body></html>